This file is accessible to anyone who wishes to download it from the site.
These backup files are usually created by developers in order to back up the server files and could hold sensitive information.
This file may contain sensitive information about the site code, configuration files, usernames, passwords, etc. An attacker can use this information to conduct further attacks.
Make sure that the files do not contain sensitive information about the website/website source code, remove them if not needed or restrict access to these files.